From 94556668d117a3c7d2e140da3d6e09f7af8c652d Mon Sep 17 00:00:00 2001 From: Michał Górny Date: Fri, 1 Jan 2021 02:59:19 +0100 Subject: sys-libs/cracklib: Remove old (py3.6) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Górny --- sys-libs/cracklib/Manifest | 1 - sys-libs/cracklib/cracklib-2.9.6-r2.ebuild | 112 --------------------- .../files/cracklib-2.9.6-CVE-2016-6318.patch | 108 -------------------- ...acklib-2.9.6-fix-long-word-bufferoverflow.patch | 43 -------- 4 files changed, 264 deletions(-) delete mode 100644 sys-libs/cracklib/cracklib-2.9.6-r2.ebuild delete mode 100644 sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch delete mode 100644 sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch (limited to 'sys-libs/cracklib') diff --git a/sys-libs/cracklib/Manifest b/sys-libs/cracklib/Manifest index 18189ac72994..a50754412673 100644 --- a/sys-libs/cracklib/Manifest +++ b/sys-libs/cracklib/Manifest @@ -1,2 +1 @@ -DIST cracklib-2.9.6.tar.gz 642402 BLAKE2B 4d7a0d12d1e7101c82d03f76e073407481078747c283fe3251f947542017fff03fbc5e98505c6a7a8987a2bbcea99dab558c15b1eb8fd16755859ce5a4440ed2 SHA512 2b09672e5b412d670e7ed911ebf0c0023fe2901ea05c9c02eefb7a58a13cddbc27a65d75bb20be9f8cebf4c90a9a56dfe1a3b656dff62b1d6048f5376e671786 DIST cracklib-2.9.7.tar.bz2 603630 BLAKE2B 81a45b2fb9f34da84d4fb864e1a9f67a4b22c246f1e4db1c599a555f79d560a04d95afb01a89cd3a2e0936f0e8fc51ff5ada26098c24d7af0777a94f51b82bbd SHA512 f6bf65ac092ba46ff78ddbc115692260fb76dc71219cd679d2ea935ebfb9e709fbb30259a7406743ed00dbdc415335b3ac9d9fcba1d204ea36d5eb96bf1333a2 diff --git a/sys-libs/cracklib/cracklib-2.9.6-r2.ebuild b/sys-libs/cracklib/cracklib-2.9.6-r2.ebuild deleted file mode 100644 index d1882f16518e..000000000000 --- a/sys-libs/cracklib/cracklib-2.9.6-r2.ebuild +++ /dev/null @@ -1,112 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -PYTHON_COMPAT=( python3_6 ) -DISTUTILS_OPTIONAL=1 - -inherit distutils-r1 libtool multilib-minimal toolchain-funcs usr-ldscript - -MY_P=${P/_} -DESCRIPTION="Password Checking Library" -HOMEPAGE="https://github.com/cracklib/cracklib/" -# source tarballs on GitHub lack pre-generated configure script. -#SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" -SRC_URI="https://dev.gentoo.org/~polynomial-c/dist/${P}.tar.gz" - -LICENSE="LGPL-2.1" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" -IUSE="nls python static-libs zlib" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -RDEPEND="python? ( ${PYTHON_DEPS} ) - zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND} - python? ( - dev-python/setuptools[${PYTHON_USEDEP}] - )" - -S="${WORKDIR}/${MY_P}" - -PATCHES=( - "${FILESDIR}"/cracklib-2.9.6-CVE-2016-6318.patch - "${FILESDIR}"/cracklib-2.9.6-fix-long-word-bufferoverflow.patch -) - -do_python() { - multilib_is_native_abi || return 0 - use python || return 0 - pushd python > /dev/null || die - distutils-r1_src_${EBUILD_PHASE} - popd > /dev/null -} - -pkg_setup() { - # workaround #195017 - if has unmerge-orphans ${FEATURES} && has_version "<${CATEGORY}/${PN}-2.8.10" ; then - eerror "Upgrade path is broken with FEATURES=unmerge-orphans" - eerror "Please run: FEATURES=-unmerge-orphans emerge cracklib" - die "Please run: FEATURES=-unmerge-orphans emerge cracklib" - fi -} - -src_prepare() { - eapply -p2 "${PATCHES[@]}" - eapply_user - elibtoolize #269003 - do_python -} - -multilib_src_configure() { - local myeconfargs=( - # use /usr/lib so that the dictionary is shared between ABIs - --with-default-dict='/usr/lib/cracklib_dict' - --without-python - $(use_enable nls) - $(use_enable static-libs static) - ) - export ac_cv_header_zlib_h=$(usex zlib) - export ac_cv_search_gzopen=$(usex zlib -lz no) - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" -} - -multilib_src_compile() { - default - do_python -} - -multilib_src_test() { - # Make sure we load the freshly built library - LD_LIBRARY_PATH="${BUILD_DIR}/lib/.libs" do_python -} - -python_test() { - ${EPYTHON} -m unittest test_cracklib || die "Tests fail with ${EPYTHON}" -} - -multilib_src_install() { - default - # move shared libs to / - gen_usr_ldscript -a crack - - do_python -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -name "*.la" -delete || die - rm -r "${ED%/}"/usr/share/cracklib || die - - insinto /usr/share/dict - doins dicts/cracklib-small -} - -pkg_postinst() { - if [[ ${ROOT} == "/" ]] ; then - ebegin "Regenerating cracklib dictionary" - create-cracklib-dict "${EPREFIX}"/usr/share/dict/* > /dev/null - eend $? - fi -} diff --git a/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch b/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch deleted file mode 100644 index bc47734759e2..000000000000 --- a/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001 -From: Jan Dittberner -Date: Thu, 25 Aug 2016 17:13:49 +0200 -Subject: [PATCH] Apply patch to fix CVE-2016-6318 - -This patch fixes an issue with a stack-based buffer overflow whne -parsing large GECOS field. See -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and -https://security-tracker.debian.org/tracker/CVE-2016-6318 for more -information. ---- - src/NEWS | 1 + - src/lib/fascist.c | 57 ++++++++++++++++++++++++++++++++----------------------- - 2 files changed, 34 insertions(+), 24 deletions(-) - -diff --git a/src/NEWS b/src/NEWS -index 26abeee..361a207 100644 ---- a/src/NEWS -+++ b/src/NEWS -@@ -1,3 +1,4 @@ -+v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field - v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists - migration to github - patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller) -diff --git a/src/lib/fascist.c b/src/lib/fascist.c -index a996509..d4deb15 100644 ---- a/src/lib/fascist.c -+++ b/src/lib/fascist.c -@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos) - char gbuffer[STRINGSIZE]; - char tbuffer[STRINGSIZE]; - char *uwords[STRINGSIZE]; -- char longbuffer[STRINGSIZE * 2]; -+ char longbuffer[STRINGSIZE]; - - if (gecos == NULL) - gecos = ""; -@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos) - { - for (i = 0; i < j; i++) - { -- strcpy(longbuffer, uwords[i]); -- strcat(longbuffer, uwords[j]); -- -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE) - { -- return _("it is derived from your password entry"); -- } -+ strcpy(longbuffer, uwords[i]); -+ strcat(longbuffer, uwords[j]); - -- strcpy(longbuffer, uwords[j]); -- strcat(longbuffer, uwords[i]); -+ if (GTry(longbuffer, password)) -+ { -+ return _("it is derived from your password entry"); -+ } - -- if (GTry(longbuffer, password)) -- { -- return _("it's derived from your password entry"); -- } -+ strcpy(longbuffer, uwords[j]); -+ strcat(longbuffer, uwords[i]); - -- longbuffer[0] = uwords[i][0]; -- longbuffer[1] = '\0'; -- strcat(longbuffer, uwords[j]); -+ if (GTry(longbuffer, password)) -+ { -+ return _("it's derived from your password entry"); -+ } -+ } - -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[j]) < STRINGSIZE - 1) - { -- return _("it is derivable from your password entry"); -+ longbuffer[0] = uwords[i][0]; -+ longbuffer[1] = '\0'; -+ strcat(longbuffer, uwords[j]); -+ -+ if (GTry(longbuffer, password)) -+ { -+ return _("it is derivable from your password entry"); -+ } - } - -- longbuffer[0] = uwords[j][0]; -- longbuffer[1] = '\0'; -- strcat(longbuffer, uwords[i]); -- -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[i]) < STRINGSIZE - 1) - { -- return _("it's derivable from your password entry"); -+ longbuffer[0] = uwords[j][0]; -+ longbuffer[1] = '\0'; -+ strcat(longbuffer, uwords[i]); -+ -+ if (GTry(longbuffer, password)) -+ { -+ return _("it's derivable from your password entry"); -+ } - } - } - } diff --git a/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch b/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch deleted file mode 100644 index 59dc9e539eb3..000000000000 --- a/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001 -From: Jan Dittberner -Date: Thu, 25 Aug 2016 17:17:53 +0200 -Subject: [PATCH] Fix a buffer overflow processing long words - -A buffer overflow processing long words has been discovered. This commit -applies the patch from -https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch -by Howard Guo. - -See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and -http://www.openwall.com/lists/oss-security/2016/08/23/8 ---- - src/NEWS | 1 + - src/lib/rules.c | 5 ++--- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/NEWS b/src/NEWS -index 361a207..f1df3b0 100644 ---- a/src/NEWS -+++ b/src/NEWS -@@ -1,4 +1,5 @@ - v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field -+ fix a buffer overflow processing long words - v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists - migration to github - patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller) -diff --git a/src/lib/rules.c b/src/lib/rules.c -index d193cc0..3a2aa46 100644 ---- a/src/lib/rules.c -+++ b/src/lib/rules.c -@@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */ - { - int limit; - register char *ptr; -- static char area[STRINGSIZE]; -- char area2[STRINGSIZE]; -- area[0] = '\0'; -+ static char area[STRINGSIZE * 2] = {0}; -+ char area2[STRINGSIZE * 2] = {0}; - strcpy(area, input); - - for (ptr = control; *ptr; ptr++) -- cgit v1.2.3-65-gdbad